#!/bin/sh /etc/rc.common
# Copyright (C) 2015
# Must keep author's information if you use this file.

START=50

HISTORY_DIR="/etc/config/guestwifi"
[ -e /etc/config/guestwifi ]||mkdir -p /etc/config/guestwifi

enabled=$(uci get guest-wifi.@guest-wifi[0].enable)
wifi_name=$(uci get guest-wifi.@guest-wifi[0].wifi_name)
interface_name=$(uci get guest-wifi.@guest-wifi[0].interface_name)
encryption=$(uci get guest-wifi.@guest-wifi[0].encryption)
passwd=$(uci get guest-wifi.@guest-wifi[0].passwd)
interface_ip=$(uci get guest-wifi.@guest-wifi[0].interface_ip)
isolate=$(uci get guest-wifi.@guest-wifi[0].isolate)
start=$(uci get guest-wifi.@guest-wifi[0].start)
limit=$(uci get guest-wifi.@guest-wifi[0].limit)
leasetime=$(uci get guest-wifi.@guest-wifi[0].leasetime)
device=$(uci get guest-wifi.@guest-wifi[0].device)
create=$(uci get guest-wifi.@guest-wifi[0].create)


start() {
	[ $enabled = 1 ] && {
		[ $create = 1 ] && {
			[ -f /etc/config/guestwifi/guest_del ] || echo "#! /bin/sh" > ${HISTORY_DIR}/guest_del
			chmod 0755 ${HISTORY_DIR}/guest_del
			add_interface
			add_ssid
			mod_dhcp
			mod_fw
			/etc/init.d/network restart
		}
		uci set guest-wifi.@guest-wifi[0].create='0'
		uci commit guest-wifi
		uci del wireless.$interface_name.disabled
		uci commit wireless
		wifi
	}
}


stop() {
	[ $enabled = 0 ] && {
		[ $create = 1 ] && {
			${HISTORY_DIR}/guest_del
			rule_c=`uci show firewall |grep "Hide My LAN for $wifi_name"|grep -o "[0-9]*[0-9]"`
			uci del firewall.@rule[$rule_c]
			uci commit firewall
			rule_b=`uci show firewall |grep "Allow DHCP request for $wifi_name"|grep -o "[0-9]*[0-9]"`
			uci del firewall.@rule[$rule_b]
			uci commit firewall
			rule_a=`uci show firewall |grep "Allow DNS Queries for $wifi_name"|grep -o "[0-9]*[0-9]"`
			uci del firewall.@rule[$rule_a]
			uci commit firewall
			/etc/config/guestwifi/guest_del
			rm -rf /etc/config/guestwifi/guest_del
			/etc/init.d/network restart
		}
		uci set guest-wifi.@guest-wifi[0].create='0'
		uci commit guest-wifi
		uci set wireless.$interface_name.disabled='1'
		uci commit wireless
		wifi
	}
}

restart() {
	stop
	sleep 2
	start		
}

add_interface() {
	name=`uci show network |grep "$interface_ip"`
	if [ $? = 1 ]; then
		uci set network.$interface_name=interface
		uci set network.$interface_name.proto='static'
		uci set network.$interface_name.ipaddr="$interface_ip"
		uci set network.$interface_name.netmask='255.255.255.0'
		echo "uci del network.$interface_name" >> ${HISTORY_DIR}/guest_del
		echo "uci commit network" >> ${HISTORY_DIR}/guest_del
		uci commit network
	fi
}

add_ssid() {
	check_name=`uci show wireless |grep "$wifi_name"`
	if [ $? = 1 ]; then
		uci set wireless.$interface_name=wifi-iface
		uci set wireless.$interface_name.device="$device"
		uci set wireless.$interface_name.mode='ap'
		uci set wireless.$interface_name.network="$interface_name"
		uci set wireless.$interface_name.ssid="$wifi_name"
		uci set wireless.$interface_name.encryption="$encryption"
		uci set wireless.$interface_name.isolate="$isolate"
		if [ "$encryption" != "none" ]; then
			uci set wireless.$interface_name.key="$passwd"
		fi
		echo "uci del wireless.$interface_name" >> ${HISTORY_DIR}/guest_del
		echo "uci commit wireless" >> ${HISTORY_DIR}/guest_del
		uci commit wireless
	fi
}

mod_dhcp() {
	check_dhcp=`uci show dhcp |grep "$interface_name=dhcp"`
	if [ $? = 1 ]; then
		uci set dhcp.$interface_name=dhcp
		uci set dhcp.$interface_name.interface="$interface_name"
		uci set dhcp.$interface_name.start="$start"
		uci set dhcp.$interface_name.limit="$limit"
		uci set dhcp.$interface_name.leasetime="$leasetime"
		echo "uci del dhcp.$interface_name" >> ${HISTORY_DIR}/guest_del
		echo "uci commit dhcp" >> ${HISTORY_DIR}/guest_del
		uci commit dhcp
	fi
}

mod_fw() {
	num_a=`uci show firewall |grep '=zone' |wc -l`
	num_b=`uci show firewall |grep '=forwarding' |wc -l`

	check_zone=`uci show firewall |grep "name=\'$interface_name\'"`
	if [ $? = 1 ]; then
		uci add firewall zone
		echo "uci del firewall.@zone[$num_a]" >> ${HISTORY_DIR}/guest_del
		echo "uci commit firewall" >> ${HISTORY_DIR}/guest_del
		uci set firewall.@zone[$num_a]=zone
		uci set firewall.@zone[$num_a].name="$interface_name"
		uci set firewall.@zone[$num_a].network="$interface_name"
		uci set firewall.@zone[$num_a].forward='REJECT'
		uci set firewall.@zone[$num_a].output='ACCEPT'
		uci set firewall.@zone[$num_a].input='REJECT'
		uci commit firewall
	fi

	check_forward=`uci show firewall |grep "forwarding\[.*\].src=\'"$interface_name\'""`
	if [ $? = 1 ]; then
		uci add firewall forwarding
		echo "uci del firewall.@forwarding[$num_b]" >> ${HISTORY_DIR}/guest_del
		echo "uci commit firewall" >> ${HISTORY_DIR}/guest_del
		uci set firewall.@forwarding[$num_b]=forwarding
		uci set firewall.@forwarding[$num_b].src="$interface_name"
		uci set firewall.@forwarding[$num_b].dest='wan'
		uci commit firewall
	fi

	check_DNS=`uci show firewall |grep "Allow DNS Queries for $wifi_name"`
	if [ $? = 1 ]; then
		num_c=`uci show firewall |grep '=rule' |wc -l`
		uci add firewall rule
		uci set firewall.@rule[$num_c]=rule
		uci set firewall.@rule[$num_c].name="Allow DNS Queries for $wifi_name"
		uci set firewall.@rule[$num_c].src="$interface_name"
		uci set firewall.@rule[$num_c].dest_port='53'
		uci set firewall.@rule[$num_c].proto='tcpudp'
		uci set firewall.@rule[$num_c].target='ACCEPT'
		uci commit firewall
		unset num_c
	fi

	check_DHCP=`uci show firewall |grep "Allow DHCP request for $wifi_name"`
	if [ $? = 1 ]; then
		num_c=`uci show firewall |grep '=rule' |wc -l`
		uci add firewall rule
		uci set firewall.@rule[$num_c]=rule
		uci set firewall.@rule[$num_c].name="Allow DHCP request for $wifi_name"
		uci set firewall.@rule[$num_c].src="$interface_name"
		uci set firewall.@rule[$num_c].src_port='67-68'
		uci set firewall.@rule[$num_c].dest_port='67-68'
		uci set firewall.@rule[$num_c].proto='udp'
		uci set firewall.@rule[$num_c].target='ACCEPT'
		uci commit firewall
		unset num_c
	fi

	check_HIDE=`uci show firewall |grep "Hide My LAN for $wifi_name"`
	if [ $? = 1 ]; then
		num_c=`uci show firewall |grep '=rule' |wc -l`
		uci add firewall rule
		uci set firewall.@rule[$num_c]=rule
		uci set firewall.@rule[$num_c].enabled='1'
		uci set firewall.@rule[$num_c].name="Hide My LAN for $wifi_name"
		uci set firewall.@rule[$num_c].proto='all'
		uci set firewall.@rule[$num_c].src="$interface_name"
		#convert netmask to cidr
		local lan_netmask=`uci get network.lan.netmask`
		local nbits=0
		local IFS=.
		for netmask_dec in $lan_netmask ; do
			case $netmask_dec in
				255) let nbits+=8 ;;
				254) let nbits+=7 ;;
				252) let nbits+=6 ;;
				248) let nbits+=5 ;;
				240) let nbits+=4 ;;
				224) let nbits+=3 ;;
				192) let nbits+=2 ;;
				128) let nbits+=1 ;;
				0) ;;
				*) echo "Error: $netmask_dec can not be recognised as netmask decimal." && exit 1 ;;
			esac
		done
		unset netmask_dec
		uci set firewall.@rule[$num_c].dest_ip="`uci get network.lan.ipaddr`/$nbits"
		uci set firewall.@rule[$num_c].target='REJECT'
		uci commit firewall
		unset num_c
	fi
}
